A number of high profile vendors released security advisories concerning vulnerabilities with a severity level from critical to medium. These issues include flaws that are being reportedly exploited in the wild. Patching is strongly recommended.
Such vulnerabilities include:
Google Chrome for Desktop (CVE-2024-0517, CVSS pending assessment) was found to be impacted by a out of bounds memory corruption enabling a potential attacker to access data beyond the memory buffer, compromising the confidentiality of sensitive information or triggering a crash. The vulnerability affects build 120.0.6099.234 for Mac, build 120.0.6099.224 for Linux, and 120.0.6099.224/225 to Windows.
VMware Aria Automation (versions 8.11x, 8.12.x, 8.13.x, 8.14.x, 8.15.x, 8.16) and VMware Cloud Foundation (5.x, 4.x) are impacted by a failed access control issue (CVE-2023-34063, CVSS 9.9) which would enable an authenticated attacker to gain unauthorized access to remote organizations and workflows. The VMware Aria Automation vulnerability is particularly concerning as the platform is used to manage automated tasks across cloud platforms with potential impact on business operations and sensitive data. Furthermore, there are reports of this vulnerability being actively exploited in the wild.
Atlassian Confluence Data Center and Confluence Server (CVE-2023-22527, CVSS 10) - 8 versions released before 5 December 2023, as well as 8.4.5 - are affected by a remote code execution vulnerability which enables an unauthenticated attacker to execute commands on the vulnerable instances. The vulnerability does not affect web resources accessed via atlassian.net.
Citrix Netscaler ADC and Gateway patched two zero vulnerabilities - CVE-2023-6548 (CVSS 5.5) and CVE-2023-6549 (CVSS 8.2) - actively exploited in the wild. CVE-2023-6548 concerns the Netscaler ADC and Gateway interface and consists of a remote code execution. However, exploitation requires the attacker to be authenticated and have access to NetScaler IP (NSIP), Subnet IP (SNIP), or cluster management IP (CLIP), which reduces the window of opportunity for attacks. CVE-2023-6549 may lead to a denial of service attacks against vulnerable appliance provided they have been configured as a Gateway or as a AAA virtual server. Affected versions include:
NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
NetScaler ADC 13.1-FIPS before 13.1-37.176
NetScaler ADC 12.1-FIPS before 12.1-55.302
NetScaler ADC 12.1-NDcPP before 12.1-55.302
The threat landscape includes reports of the recently covered vulnerabilities impacting Ivanti Connect Secure, Juniper firewalls, GitLab, and last week's CISA warning concerning (among others) Microsoft SharePoint, Adobe Cold Fusion and Apache Superset.
Moreover, a Bishop Fox report published on 15 January 2023 details attempts to exploit two Sonic Wall vulnerabilities - CVE-2022-22274 (CVSS 9.4) and CVE-2023-0656 (7.5) - affecting series 6 and 7 devices. Both the issues are buffer overflow vulnerabilities with potential to result in unauthenticated denial-of-service and remote code execution. Interestingly enough, the Bishop Fox research referenced above found over 170,000 Sonic Wall interfaces exposed to the internet and vulnerable to at least one of these issues.